Best Practices for Risk Ranking

Posted by Fit For Work on Jan 18, 2018 4:54:40 PM


Managing health and safety risk is a 24/7 engagement for organizations.

Worldwide standards bring necessary structure to risk management processes. The new ISO 45001 is one of the world’s most anticipated standards for occupational health and safety systems (OHS). It is aligned with ISO 9001 (Quality Management) and ISO 14001 (Environment Management), and builds on OHSAS 18001, which is a framework aimed at controlling risks. In addition, ISO 31000 standards and OSHA regulations establish common frameworks, processes, and practices. Since risk management is a fast-moving discipline, these standards are regularly supplemented and updated.

ISO 31000 in particular states the general risk management process should be:

  1. An integral part of management,
  2. Embedded in organizational culture and practices, and
  3. Tailored to the business processes of the organization.1

A key step in risk management is risk ranking, but any risk scoring process needs to have top-down buy-in. If it’s not backed by leadership and the board, it’s not going to be integrated into a company-wide process.

Focusing on risks within 2-3 specific critical programs or products can be a good way to bring more focus to your risk ranking. This directly links risk management to financial goals within the organization.

Getting input from the entire organization can also be very helpful. One Canadian electricity company, with C-suite buy-in, conducted annual workshops which allowed employees from all levels and functions to find and rank the most visible risks to the company’s strategic objectives. An anonymous voting program was used to rank the impact of each risk on a scale of 1 to 5. Workshops allowed further discussion of these rankings. From there, the group developed a consensus view to be recorded on a visual risk map. Each risk received an owner and action plans were created. 2

Risk management only works when the entire organization is engaged. The goal is to have safety and health integrated into everything. Nothing comes into the facility without being reviewed against your safety and risk master plan.

1. ISO 31000 Standards. Retrieved from

2. “Managing Risks: A New Framework,” Kaplan, R.S. & Mikes, A. Harvard Business Review (June 2012). Retrieved from
